Barry Constantine schrieb:
Principal Member of Technical Staff
JDSU Communication Test (formerly Acterna)
Emerging Markets and Technology Research
One Milestone Center Court
Germantown, MD 20876
(W) 240-404-2227
(C) 240-499-4750
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
wireshark-users-request@xxxxxxxxxxxxx
Sent: Thursday, July 31, 2008 2:30 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 26, Issue 47
Send Wireshark-users mailing list submissions to
wireshark-users@xxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
wireshark-users-request@xxxxxxxxxxxxx
You can reach the person managing the list at
wireshark-users-owner@xxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."
Hello Ulf,
Can you give me some more details concerning the file format?
Thanks,
Barry
The file format is basically the same as common libpcap format, see
http://wiki.wireshark.org/Development/LibpcapFileFormat
There are two changes:
- the value in the field magic_number changed to 0xa1b23c4d (to detect
the changed timestamp) - or 0x4d3cb2a1 if you have a byte swapped file
- the field ts_usec changed it's meaning to contain nsec fraction of a
second (instead of the millisecond based value in standard libpcap)
Hope this helps,
Regards, ULFL
P.S: If you reply to a digest mail, please remove any unrelated content
first! It's hard to find the related content - which won't motivate
possible replies ;-)
